Overview

overview

6

Static

static

1

0ddc70bab9...11.exe

windows7-x64

6

0ddc70bab9...11.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2023 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ddc70bab9470f31384582e27b00c511.exe

  • Size

    2.3MB

  • MD5

    0ddc70bab9470f31384582e27b00c511

  • SHA1

    dad133d158fa74372749ee0434615cf0838ca800

  • SHA256

    06a6d676ed77b5f7758bf57329d6801b9dbb3a2813e059502f17a30dd90aed5c

  • SHA512

    d7f69a375986d46780a84ff342d34395c9487bb46c66b701af269cdf383e62e200f940732e63b573b2852645b8dfb6820705038547af9ca52888fd941d083777

  • SSDEEP

    24576:Xc32c9YFBIkYNPmfMaDnWkZV6a9Dhvh5+O3OT3hrpbGkF/D:XcSIkYNPmfMaF6a3vCOoD

Score
6/10
spyware

Malware Config

Signatures

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ddc70bab9470f31384582e27b00c511.exe
    "C:\Users\Admin\AppData\Local\Temp\0ddc70bab9470f31384582e27b00c511.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3576-0-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/3576-1-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/3576-2-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/3576-3-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download